Re: How do I scale my Splunk deployment to account...

vanderaj2 · ‎09-14-2017

Hi Splunkers,

My program is considering adding 600 more Linux UF endpoints to our current Splunk deployment (we have ~450 total UF endpoints now), and they're asking for a "wish list" of resources to support the additional volume.

I have a pretty good idea of my licensing needs, and I've been using the Splunk online sizing tool to figure out how much additional disk capacity we need (based on our retention policies).

Is there also a good sizing tool or document out there to help me figure out whether I need to increase RAM/CPU on my indexers, and possibly add another indexer? (and maybe add another deployment server)

Just FYI - I currently have a 2 indexer cluster. Each indexer has 16 cores, 31 GB RAM

gjanders · ‎09-15-2017

somesoni2 has already linked to it but the Splunk Capacity Planning manual is what you want to refer to...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

DalJeanis · ‎09-14-2017

Did you mean another search head? A second deployment server doesn't seem to make sense in context.

somesoni2 · ‎09-14-2017

He may be asking as number of clients are increasing too. @vanderaj2,, you can see great discussion in this post to understand the H/W requirement and suggested Deployment client load for Deployment servers here.

vanderaj2 · ‎09-15-2017

Yep! that was exactly why I mentioned the deployment server. That discussion thread was very helpful -- thank you somesoni2!

somesoni2 · ‎09-14-2017

This may help. http://docs.splunk.com/Documentation/Splunk/6.6.3/Capacity/Summaryofperformancerecommendations

vanderaj2 · ‎09-15-2017

Very helpful!! Thank you sir.

How do I scale my Splunk deployment to account for rising demand in indexing volume?

license

other

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms